diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index d8b0786c0..b8b327c99 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -646,6 +646,18 @@ #error "MBEDTLS_SSL_CID defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_CID) && \ + defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && \ + MBEDTLS_SSL_CID_IN_LEN_MAX > 255 +#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)" +#endif + +#if defined(MBEDTLS_SSL_CID) && \ + defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && \ + MBEDTLS_SSL_CID_OUT_LEN_MAX > 255 +#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)" +#endif + #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) && \ ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) ) #error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT defined, but not all prerequisites" diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f40506565..8c5dd140b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -386,6 +386,10 @@ #define MBEDTLS_TLS_EXT_SESSION_TICKET 35 +/* The value of the CID extension is still TBD as of + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04. */ +#define MBEDTLS_TLS_EXT_CID 254 /* TBD */ + #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */ #define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01 @@ -1266,6 +1270,21 @@ struct mbedtls_ssl_context char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ #endif /* MBEDTLS_SSL_RENEGOTIATION */ + +#if defined(MBEDTLS_SSL_CID) + /* CID configuration to use in subsequent handshakes. */ + + /*! The next incoming CID, chosen by the user and applying to + * all subsequent handshakes. This may be different from the + * CID currently used in case the user has re-configured the CID + * after an initial handshake. */ + unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ]; + uint8_t own_cid_len; /*!< The length of \c own_cid. */ + uint8_t negotiate_cid; /*!< This indicates whether the CID extension should + * be negotiated in the next handshake or not. + * Possible values are #MBEDTLS_SSL_CID_ENABLED + * and #MBEDTLS_SSL_CID_DISABLED. */ +#endif /* MBEDTLS_SSL_CID */ }; #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) @@ -1609,6 +1628,13 @@ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, * progress, this function will attempt to complete * the handshake first. * + * \note If CID extensions have been exchanged but both client + * and server chose to use an empty CID, this function + * sets `*enabled` to #MBEDTLS_SSL_CID_DISABLED + * (the rationale for this is that the resulting + * communication is the same as if the CID extensions + * hadn't been used). + * * \return \c 0 on success. * \return A negative error code on failure. */ @@ -3135,7 +3161,7 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_ * (Default: 2^48 - 1) * * Renegotiation is automatically triggered when a record - * counter (outgoing or ingoing) crosses the defined + * counter (outgoing or incoming) crosses the defined * threshold. The default value is meant to prevent the * connection from being closed when the counter is about to * reached its maximal value (it is not allowed to wrap). diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 9c4be53f7..e5da547c7 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -372,6 +372,18 @@ struct mbedtls_ssl_handshake_params unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter for resending messages */ +#if defined(MBEDTLS_SSL_CID) + /* The state of CID configuration in this handshake. */ + + uint8_t cid_in_use; /*!< This indicates whether the use of the CID extension + * has been negotited. Possible values are + * #MBEDTLS_SSL_CID_ENABLED and + * #MBEDTLS_SSL_CID_DISABLED. */ + unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; /*! The peer's CID */ + uint8_t peer_cid_len; /*!< The length of + * \c peer_cid. */ +#endif /* MBEDTLS_SSL_CID */ + struct { size_t total_bytes_buffered; /*!< Cumulative size of heap allocated @@ -597,6 +609,13 @@ struct mbedtls_ssl_transform mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ int minor_ver; +#if defined(MBEDTLS_SSL_CID) + uint8_t in_cid_len; + uint8_t out_cid_len; + unsigned char in_cid [ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; + unsigned char out_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ]; +#endif /* MBEDTLS_SSL_CID */ + /* * Session specific compression layer */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index aabf4d485..45f4c4047 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -475,6 +475,54 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#if defined(MBEDTLS_SSL_CID) +static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen ) +{ + unsigned char *p = buf; + size_t ext_len; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; + + /* + * Quoting + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04: + * + * struct { + * opaque cid<0..2^8-1>; + * } ConnectionId; + */ + + *olen = 0; + if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || + ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) + { + return; + } + MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) ); + + /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX + * which is at most 255, so the increment cannot overflow. */ + if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + + /* Add extension ID + size */ + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + ext_len = (size_t) ssl->own_cid_len + 1; + *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + + *p++ = (uint8_t) ssl->own_cid_len; + memcpy( p, ssl->own_cid, ssl->own_cid_len ); + + *olen = ssl->own_cid_len + 5; +} +#endif /* MBEDTLS_SSL_CID */ + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, unsigned char *buf, @@ -1085,6 +1133,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif +#if defined(MBEDTLS_SSL_CID) + ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; +#endif /* MBEDTLS_SSL_CID */ + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; @@ -1242,6 +1295,62 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ +#if defined(MBEDTLS_SSL_CID) +static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + size_t peer_cid_len; + + if( /* CID extension only makes sense in DTLS */ + ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || + /* The server must only send the CID extension if we have offered it. */ + ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + if( len == 0 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + peer_cid_len = *buf++; + len--; + + if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + if( len != peer_cid_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension invalid" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); + } + + ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; + ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; + memcpy( ssl->handshake->peer_cid, buf, peer_cid_len ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Server CID", buf, peer_cid_len ); + + return( 0 ); +} +#endif /* MBEDTLS_SSL_CID */ + #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1893,6 +2002,20 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ +#if defined(MBEDTLS_SSL_CID) + case MBEDTLS_TLS_EXT_CID: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); + + if( ( ret = ssl_parse_cid_ext( ssl, + ext + 4, + ext_size ) ) != 0 ) + { + return( ret ); + } + + break; +#endif /* MBEDTLS_SSL_CID */ + #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt_then_mac extension" ) ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 33a38a652..51340b443 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -475,6 +475,78 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +#if defined(MBEDTLS_SSL_CID) +static int ssl_parse_cid_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + size_t peer_cid_len; + + /* CID extension only makes sense in DTLS */ + if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + /* + * Quoting + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04: + * + * struct { + * opaque cid<0..2^8-1>; + * } ConnectionId; + */ + + if( len < 1 ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + peer_cid_len = *buf++; + len--; + + if( len != peer_cid_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + /* Ignore CID if the user has disabled its use. */ + if( ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) + { + /* Leave ssl->handshake->cid_in_use in its default + * value of MBEDTLS_SSL_CID_DISABLED. */ + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Client sent CID extension, but CID disabled" ) ); + return( 0 ); + } + + if( peer_cid_len > MBEDTLS_SSL_CID_OUT_LEN_MAX ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message" ) ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO ); + } + + ssl->handshake->cid_in_use = MBEDTLS_SSL_CID_ENABLED; + ssl->handshake->peer_cid_len = (uint8_t) peer_cid_len; + memcpy( ssl->handshake->peer_cid, buf, peer_cid_len ); + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Use of CID extension negotiated" ) ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Client CID", buf, peer_cid_len ); + + return( 0 ); +} +#endif /* MBEDTLS_SSL_CID */ + #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, @@ -1823,6 +1895,16 @@ read_record_header: break; #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ +#if defined(MBEDTLS_SSL_CID) + case MBEDTLS_TLS_EXT_CID: + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found CID extension" ) ); + + ret = ssl_parse_cid_ext( ssl, ext + 4, ext_size ); + if( ret != 0 ) + return( ret ); + break; +#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ + #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) case MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC: MBEDTLS_SSL_DEBUG_MSG( 3, ( "found encrypt then mac extension" ) ); @@ -2100,6 +2182,54 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ +#if defined(MBEDTLS_SSL_CID) +static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + size_t *olen ) +{ + unsigned char *p = buf; + size_t ext_len; + const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; + + *olen = 0; + + /* Skip writing the extension if we don't want to use it or if + * the client hasn't offered it. */ + if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_DISABLED ) + return; + + /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX + * which is at most 255, so the increment cannot overflow. */ + if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); + return; + } + + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, adding CID extension" ) ); + + /* + * Quoting + * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04: + * + * struct { + * opaque cid<0..2^8-1>; + * } ConnectionId; + */ + + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID ) & 0xFF ); + ext_len = (size_t) ssl->own_cid_len + 1; + *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); + *p++ = (unsigned char)( ( ext_len ) & 0xFF ); + + *p++ = (uint8_t) ssl->own_cid_len; + memcpy( p, ssl->own_cid, ssl->own_cid_len ); + + *olen = ssl->own_cid_len + 5; +} +#endif /* MBEDTLS_SSL_CID */ + #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, unsigned char *buf, @@ -2621,6 +2751,11 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif +#if defined(MBEDTLS_SSL_CID) + ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); + ext_len += olen; +#endif + #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 50464751c..4d41d8328 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -121,34 +121,66 @@ static void ssl_update_in_pointers( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_CID) /* Top-level Connection ID API */ -/* WARNING: This implementation is a stub and doesn't do anything! - * It is included solely to allow review and coding against - * the new Connection CID API. */ +/* WARNING: The CID feature isn't fully implemented yet + * and will not be used. */ int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl, int enable, unsigned char const *own_cid, size_t own_cid_len ) { - ((void) ssl); - ((void) enable); - ((void) own_cid); - ((void) own_cid_len); + ssl->negotiate_cid = enable; + if( enable == MBEDTLS_SSL_CID_DISABLED ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Disable use of CID extension." ) ); + return( 0 ); + } + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Enable use of CID extension." ) ); + + if( own_cid_len > MBEDTLS_SSL_CID_IN_LEN_MAX ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "CID too large: Maximum %u, actual %u", + (unsigned) MBEDTLS_SSL_CID_IN_LEN_MAX, + (unsigned) own_cid_len ) ); + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + memcpy( ssl->own_cid, own_cid, own_cid_len ); + /* Truncation is not an issue here because + * MBEDTLS_SSL_CID_IN_LEN_MAX at most 255. */ + ssl->own_cid_len = (uint8_t) own_cid_len; + + MBEDTLS_SSL_DEBUG_BUF( 3, "Own CID", own_cid, own_cid_len ); return( 0 ); } -/* WARNING: This implementation is a stub and doesn't do anything! - * It is included solely to allow review and coding against - * the new Connection CID API. */ +/* WARNING: The CID feature isn't fully implemented yet + * and will not be used. */ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, int *enabled, unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ], size_t *peer_cid_len ) { - ((void) ssl); - ((void) peer_cid); - ((void) peer_cid_len); - *enabled = MBEDTLS_SSL_CID_DISABLED; + + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + + /* We report MBEDTLS_SSL_CID_DISABLED in case the CID extensions + * were used, but client and server requested the empty CID. + * This is indistinguishable from not using the CID extension + * in the first place. */ + if( ssl->transform_in->in_cid_len == 0 && + ssl->transform_in->out_cid_len == 0 ) + { + return( 0 ); + } + + *peer_cid_len = ssl->transform_in->out_cid_len; + memcpy( peer_cid, ssl->transform_in->out_cid, + ssl->transform_in->out_cid_len ); + + *enabled = MBEDTLS_SSL_CID_ENABLED; + return( 0 ); } #endif /* MBEDTLS_SSL_CID */ @@ -918,6 +950,25 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } +#if defined(MBEDTLS_SSL_CID) + /* Copy own and peer's CID if the use of the CID + * extension has been negotiated. */ + if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) ); + transform->in_cid_len = ssl->own_cid_len; + transform->out_cid_len = ssl->handshake->peer_cid_len; + memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len ); + memcpy( transform->out_cid, ssl->handshake->peer_cid, + ssl->handshake->peer_cid_len ); + + MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid, + transform->out_cid_len ); + MBEDTLS_SSL_DEBUG_BUF( 3, "Incoming CID", transform->in_cid, + transform->in_cid_len ); + } +#endif /* MBEDTLS_SSL_CID */ + /* * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index a524f81ce..cb5bea7dc 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2180,7 +2180,7 @@ int main( int argc, char *argv[] ) (unsigned) peer_cid_len ); while( idx < peer_cid_len ) { - mbedtls_printf( "%#02x ", peer_cid[ idx ] ); + mbedtls_printf( "%02x ", peer_cid[ idx ] ); idx++; } mbedtls_printf( "\n" ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 60c5a507d..a94ddac8e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -924,7 +924,8 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl, #endif /* SNI_OPTION */ -#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) || \ + defined(MBEDTLS_SSL_CID) #define HEX2NUM( c ) \ do \ @@ -967,6 +968,10 @@ int unhexify( unsigned char *output, const char *input, size_t *olen ) return( 0 ); } +#endif + +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) + typedef struct _psk_entry psk_entry; struct _psk_entry @@ -3330,7 +3335,7 @@ handshake: (unsigned) peer_cid_len ); while( idx < peer_cid_len ) { - mbedtls_printf( "%#02x ", peer_cid[ idx ] ); + mbedtls_printf( "%02x ", peer_cid[ idx ] ); idx++; } mbedtls_printf( "\n" ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0037429a9..de0653241 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1278,94 +1278,289 @@ run_test "Truncated HMAC, DTLS: client enabled, server enabled" \ requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client enabled, server disabled" \ - "$P_SRV dtls=1 cid=0" \ - "$P_CLI dtls=1 cid=1 cid_val=deadbeef" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=0" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + 0 \ + -s "Disable use of CID extension." \ + -s "found CID extension" \ + -s "Client sent CID extension, but CID disabled" \ + -c "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -S "server hello, adding CID extension" \ + -C "found CID extension" \ + -S "Copy CIDs into SSL transform" \ + -C "Copy CIDs into SSL transform" \ + -c "Use of Connection ID was rejected by the server" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client disabled, server enabled" \ - "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI dtls=1 cid=0" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + "$P_CLI debug_level=3 dtls=1 cid=0" \ + 0 \ + -c "Disable use of CID extension." \ + -C "client hello, adding CID extension" \ + -S "found CID extension" \ + -s "Enable use of CID extension." \ + -S "server hello, adding CID extension" \ + -C "found CID extension" \ + -S "Copy CIDs into SSL transform" \ + -C "Copy CIDs into SSL transform" \ + -s "Use of Connection ID was not offered by the client" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty" \ - "$P_SRV dtls=1 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 cid=1 cid_val=beef" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -c "Peer CID (length 2 Bytes): de ad" \ + -s "Peer CID (length 2 Bytes): be ef" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty" \ - "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI dtls=1 cid=1" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + "$P_CLI debug_level=3 dtls=1 cid=1" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -c "Peer CID (length 4 Bytes): de ad be ef" \ + -s "Peer CID (length 0 Bytes):" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 cid_val=deadbeef" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -s "Peer CID (length 4 Bytes): de ad be ef" \ + -c "Peer CID (length 0 Bytes):" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -S "Use of Connection ID has been negotiated" \ + -C "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CCM-8" \ - "$P_SRV dtls=1 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -c "Peer CID (length 2 Bytes): de ad" \ + -s "Peer CID (length 2 Bytes): be ef" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CCM-8" \ - "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -c "Peer CID (length 4 Bytes): de ad be ef" \ + -s "Peer CID (length 0 Bytes):" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CCM-8" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -s "Peer CID (length 4 Bytes): de ad be ef" \ + -c "Peer CID (length 0 Bytes):" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CCM-8" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -S "Use of Connection ID has been negotiated" \ + -C "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID nonempty, AES-128-CBC" \ - "$P_SRV dtls=1 cid=1 cid_val=dead" \ - "$P_CLI dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -c "Peer CID (length 2 Bytes): de ad" \ + -s "Peer CID (length 2 Bytes): be ef" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client CID empty, AES-128-CBC" \ - "$P_SRV dtls=1 cid=1 cid_val=deadbeef" \ - "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ + "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -c "Peer CID (length 4 Bytes): de ad be ef" \ + -s "Peer CID (length 0 Bytes):" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Server CID empty, AES-128-CBC" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -s "Peer CID (length 4 Bytes): de ad be ef" \ + -c "Peer CID (length 0 Bytes):" requires_config_enabled MBEDTLS_SSL_CID run_test "(STUB) Connection ID: Client+Server enabled, Client+Server CID empty, AES-128-CBC" \ - "$P_SRV dtls=1 cid=1" \ - "$P_CLI dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -S "Use of Connection ID has been negotiated" \ + -C "Use of Connection ID has been negotiated" requires_config_enabled MBEDTLS_SSL_CID requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "(STUB) Connection ID: Client+Server enabled, renegotiate" \ - "$P_SRV dtls=1 cid=1 cid_val=dead renegotiation=1" \ - "$P_CLI dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ - 0 + "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ + "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ + 0 \ + -c "Enable use of CID extension." \ + -s "Enable use of CID extension." \ + -c "client hello, adding CID extension" \ + -s "found CID extension" \ + -s "Use of CID extension negotiated" \ + -s "server hello, adding CID extension" \ + -c "found CID extension" \ + -c "Use of CID extension negotiated" \ + -s "Copy CIDs into SSL transform" \ + -c "Copy CIDs into SSL transform" \ + -s "Use of Connection ID has been negotiated" \ + -c "Use of Connection ID has been negotiated" \ + -c "Peer CID (length 2 Bytes): de ad" \ + -s "Peer CID (length 2 Bytes): be ef" # Tests for Encrypt-then-MAC extension